ok look the "DMs are not secure" stuff is missing the point of DMs -- yes, they arent secure, but they are ~private to not-admins
like, privacy-from-observers and security are different things and i hate that people keep thinking people mean one when they def mean the other
and telling people 'just use signal/etc' for things they want people not to see but dont really care about it being secure is kind of shitty and missing the point
idk DMs are a mess and a big part of it is just that misunderstanding btwn privacy and security being different user expectations i guess
it took forever to get people to implement DMs in general in the first place because of this
@nire I would rather lean on the side of what's safest for folks discussing something truly private elsewhere & not in DM. Users don't know all the admins on Mastodon. Users don't know that GNUSocial doesn't honor our private/DM toots. This is NOT like 1-server birbsite. When new ppl @ someone they may think it's all the same. That's my point; be SAFE & that's what u could help communicate in THE thread as opposed to it's "shitty."
@wxcafe
@boots
@nire these are good points. that said, there are times when you want private conversation to be secure, and it's important to know that dms aren't that - some people WOULD assume.
@Maenad sure but they arent secure in any of the things that dont already bill themselves as secure
@Maenad like -- yes, dont share things that would be incriminating/blackmail worthy if you dont want it to happen, but the threat model is basically 'a rogue admin has someone you want to talk to or impersonates something you want to talk to' and at that point they actually have to want to read your DMs
@Maenad but if you need secure stuff, as always, use secure things, though telegram basically cant be trusted and people keep recommending it so i honestly dont see the point for that one, but i digress, the problem is that the middle ground is 'i dont really want eavesdroppers but username exchange (or worse, phone number for signal) is not worth it (or its own threat)'
@Maenad and honestly on the whole, when it comes right down to it people using their actual phone number for signal and exchanging it in a DM is the most catastrophic scenario if a focused person actually wanted to do something
like the problem is not that DMs arent secure, the problem is that, and idk if this has changed recently, but if you DM someone not on a masto instance, it just shows up as a normal post to them, which they can boost/etc unknowingly. and yeah theres a warning, but like